Summary
The host is running Oracle Java System Web Server and is prone to an HTTP response splitting vulnerability.
Impact
Successful exploitation will allow remote attackers to conduct Cross Site Scripting and browser cache poisoning attacks.
Impact Level: Application
Solution
Apply the patch from the link below:
http://sunsolve.sun.com/search/document.do?assetkey=1-79-1215353.1-1
Insight
The flaw is due to an input validation error in the 'response.setHeader()' method, which does not properly sanitise attacker-supplied header values before they are written into the response returned to the user.
Because a carriage return/line feed pair terminates a header line, a value containing CR/LF can be exploited to insert arbitrary HTTP headers, and even an entire second response, into the response sent to the user.
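The following Python block is an added illustration of the bug class, not code from the advisory or from Oracle: a small stand-in for the web container serialises headers verbatim, a redirect handler copies a request parameter into the Location header the way an unchecked setHeader() call would, and a message parser shows that a CR/LF-bearing value turns one 302 response into a 302 followed by an attacker-authored 200 response carrying script. A hardened handler that refuses CR/LF in header values (the general fix for this class; the specifics of Oracle's patch are not described here) and a probe function that detects the weakness by injecting a marker header are included. All function names, the payload and the marker header are constructed for this example.

```python
"""HTTP response splitting through an unsanitised header value.

Constructed illustration: the 'container' is a few lines of Python that
write header values verbatim, standing in for a real servlet container.
Nothing here is Oracle's code; names and payload are invented for the example.
"""
from typing import Callable, Dict, List, Tuple
from urllib.parse import unquote

CRLF = "\r\n"


def serialise_response(status: str, headers: List[Tuple[str, str]], body: str = "") -> str:
    """Serialise a response the naive way: header values are copied verbatim."""
    lines = [f"HTTP/1.1 {status}"] + [f"{name}: {value}" for name, value in headers]
    return CRLF.join(lines) + CRLF + CRLF + body


def vulnerable_redirect(target: str) -> str:
    """Flawed handler: the user-controlled target reaches Location unchecked."""
    return serialise_response("302 Found", [("Location", target), ("Content-Length", "0")])


def safe_header_value(value: str) -> str:
    """Hardened check: reject any value that could terminate the header line."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in header value")
    return value


def hardened_redirect(target: str) -> str:
    """Same handler with the header value validated first."""
    return serialise_response(
        "302 Found", [("Location", safe_header_value(target)), ("Content-Length", "0")]
    )


def parse_responses(raw: str) -> List[Dict]:
    """Split a response stream into messages the way a client would (Content-Length framing).

    Returns one dict per message: {'status': ..., 'headers': {lowercase name: value}, 'body': ...}.
    Leftover bytes that do not start with a status line are discarded.
    """
    messages = []
    pos = 0
    while True:
        while raw.startswith(CRLF, pos):  # tolerate stray empty lines between messages
            pos += 2
        head_end = raw.find(CRLF + CRLF, pos)
        if head_end == -1:
            break
        status, *header_lines = raw[pos:head_end].split(CRLF)
        if not status.startswith("HTTP/"):
            break  # trailing junk, not a message
        headers: Dict[str, str] = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        length = int(headers.get("content-length", "0"))
        messages.append({"status": status, "headers": headers,
                         "body": raw[body_start:body_start + length]})
        pos = body_start + length
    return messages


# Constructed attack value as it would arrive URL-encoded in a query string:
# closes the Location line, ends the first response, then supplies a second
# response whose body is script. 25 is the length of "<script>alert(1)</script>".
PAYLOAD = unquote(
    "http://example.com/%0d%0a"
    "Content-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0a"
    "Content-Type:%20text/html%0d%0a"
    "Content-Length:%2025%0d%0a%0d%0a"
    "%3Cscript%3Ealert(1)%3C/script%3E"
)


def is_splittable(handler: Callable[[str], str]) -> bool:
    """Probe a handler: inject a benign marker header and see whether it comes back as a real header.

    A handler that rejects the value (raises) or keeps it inside the Location value is not splittable.
    """
    marker = "X-Split-Probe"
    try:
        raw = handler("http://example.com/" + CRLF + marker + ": 1")
    except ValueError:
        return False
    first = parse_responses(raw)[0]
    return first["headers"].get(marker.lower()) == "1"


if __name__ == "__main__":
    for msg in parse_responses(vulnerable_redirect(PAYLOAD)):
        print(msg["status"], "->", repr(msg["body"]))
    print("vulnerable handler splittable:", is_splittable(vulnerable_redirect))
    print("hardened handler splittable:", is_splittable(hardened_redirect))
```

Run stand-alone, the vulnerable handler yields two messages, the second a 200 OK whose body is the injected script, which is the cache-poisoning and cross-site scripting outcome described above; the hardened handler raises on the same input and the probe reports it as not splittable. The same probe shape (a CR/LF followed by a marker header, then checking whether the marker is parsed as a header) is how a scanner would test a live redirect parameter.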
Affected
Oracle Java System Web Server 6.x/7.x
References
Severity
Classification
CVE: CVE-2010-3514
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
- CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability